
Introduction to Computer Security

by Matt Bishop

  • ISBN13: 9780321247445
  • ISBN10: 0321247442
  • Edition: 1st
  • Format: Hardcover
  • Copyright: 2004-10-26
  • Publisher: Addison-Wesley Professional


Summary

An excellent, beautifully written introduction to the subject of computer security - by a master teacher and practitioner.

Author Biography

Matt Bishop is a professor in the Department of Computer Science at the University of California at Davis.

Table of Contents

(Each entry gives the starting page, with the number of pages in parentheses.)

Preface xxv
Goals xxvi
Philosophy xxvii
Organization xxix
Differences Between this Book and Computer Security: Art and Science xxx
Special Acknowledgment xxxi
Acknowledgments xxxi
An Overview of Computer Security 1(26)
The Basic Components 1(3)
Confidentiality 2(1)
Integrity 3(1)
Availability 4(1)
Threats 4(3)
Policy and Mechanism 7(2)
Goals of Security 8(1)
Assumptions and Trust 9(1)
Assurance 10(4)
Specification 11(1)
Design 12(1)
Implementation 12(2)
Operational Issues 14(3)
Cost-Benefit Analysis 14(1)
Risk Analysis 15(1)
Laws and Customs 16(1)
Human Issues 17(3)
Organizational Problems 18(1)
People Problems 19(1)
Tying It All Together 20(1)
Summary 21(1)
Further Reading 22(1)
Exercises 22(5)
Access Control Matrix 27(10)
Protection State 27(1)
Access Control Matrix Model 28(3)
Protection State Transitions 31(3)
Conditional Commands 33(1)
Summary 34(1)
Further Reading 35(1)
Exercises 35(2)
Foundational Results 37(8)
The General Question 37(1)
Basic Results 38(5)
Summary 43(1)
Further Reading 43(1)
Exercises 44(1)
Security Policies 45(16)
Security Policies 45(4)
Types of Security Policies 49(2)
The Role of Trust 51(2)
Types of Access Control 53(1)
Example: Academic Computer Security Policy 54(4)
General University Policy 55(1)
Electronic Mail Policy 55(1)
The Electronic Mail Policy Summary 56(1)
The Full Policy 56(1)
Implementation at UC Davis 57(1)
Summary 58(1)
Further Reading 58(1)
Exercises 59(2)
Confidentiality Policies 61(12)
Goals of Confidentiality Policies 61(1)
The Bell-LaPadula Model 62(8)
Informal Description 62(4)
Example: The Data General B2 UNIX System 66(1)
Assigning MAC Labels 66(3)
Using MAC Labels 69(1)
Summary 70(1)
Further Reading 70(1)
Exercises 71(2)
Integrity Policies 73(10)
Goals 73(2)
Biba Integrity Model 75(1)
Clark-Wilson Integrity Model 75(6)
The Model 77(2)
Comparison with the Requirements 79(1)
Comparison with Other Models 80(1)
Summary 81(1)
Further Reading 81(1)
Exercises 82(1)
Hybrid Policies 83(14)
Chinese Wall Model 83(5)
Bell-LaPadula and Chinese Wall Models 86(1)
Clark-Wilson and Chinese Wall Models 87(1)
Clinical Information Systems Security Policy 88(3)
Bell-LaPadula and Clark-Wilson Models 90(1)
Originator Controlled Access Control 91(1)
Role-Based Access Control 92(2)
Summary 94(1)
Further Reading 95(1)
Exercises 95(2)
Basic Cryptography 97(26)
What Is Cryptography? 97(1)
Classical Cryptosystems 98(15)
Transposition Ciphers 99(1)
Substitution Ciphers 100(1)
Vigenere Ciphers 101(6)
One-Time Pad 107(1)
Data Encryption Standard 108(4)
Other Classical Ciphers 112(1)
Public Key Cryptography 113(3)
RSA 114(2)
Cryptographic Checksums 116(3)
HMAC 118(1)
Summary 119(1)
Further Reading 119(1)
Exercises 120(3)
Key Management 123(22)
Session and Interchange Keys 124(1)
Key Exchange 124(6)
Classical Cryptographic Key Exchange and Authentication 125(3)
Kerberos 128(1)
Public Key Cryptographic Key Exchange and Authentication 129(1)
Cryptographic Key Infrastructures 130(6)
Certificate Signature Chains 131(1)
X.509: Certification Signature Chains 132(2)
PGP Certificate Signature Chains 134(2)
Summary 136(1)
Storing and Revoking Keys 136(1)
Key Storage 136(1)
Key Revocation 137(1)
Digital Signatures 137(3)
Classical Signatures 138(1)
Public Key Signatures 139(1)
Summary 140(1)
Further Reading 141(1)
Exercises 142(3)
Cipher Techniques 145(26)
Problems 145(2)
Precomputing the Possible Messages 145(1)
Misordered Blocks 146(1)
Statistical Regularities 146(1)
Summary 147(1)
Stream and Block Ciphers 147(6)
Stream Ciphers 148(1)
Synchronous Stream Ciphers 148(2)
Self-Synchronous Stream Ciphers 150(1)
Block Ciphers 151(1)
Multiple Encryption 152(1)
Networks and Cryptography 153(3)
Example Protocols 156(12)
Secure Electronic Mail: PEM 156(1)
Design Principles 157(1)
Basic Design 158(1)
Other Considerations 159(1)
Conclusion 160(1)
Security at the Network Layer: IPsec 161(1)
IPsec Architecture 162(3)
Authentication Header Protocol 165(1)
Encapsulating Security Payload Protocol 166(1)
Conclusion 167(1)
Summary 168(1)
Further Reading 168(1)
Exercises 169(2)
Authentication 171(28)
Authentication Basics 171(1)
Passwords 172(14)
Attacking a Password System 174(1)
Countering Password Guessing 175(1)
Random Selection of Passwords 176(1)
Pronounceable and Other Computer-Generated Passwords 177(1)
User Selection of Passwords 178(4)
Reusable Passwords and Dictionary Attacks 182(1)
Guessing Through Authentication Functions 183(1)
Password Aging 184(2)
Challenge-Response 186(4)
Pass Algorithms 186(1)
One-Time Passwords 187(1)
Hardware-Supported Challenge-Response Procedures 188(1)
Challenge-Response and Dictionary Attacks 189(1)
Biometrics 190(3)
Fingerprints 190(1)
Voices 191(1)
Eyes 191(1)
Faces 191(1)
Keystrokes 192(1)
Combinations 192(1)
Caution 192(1)
Location 193(1)
Multiple Methods 193(2)
Summary 195(1)
Further Reading 196(1)
Exercises 196(3)
Design Principles 199(12)
Overview 199(2)
Design Principles 201(6)
Principle of Least Privilege 201(1)
Principle of Fail-Safe Defaults 202(1)
Principle of Economy of Mechanism 202(1)
Principle of Complete Mediation 203(1)
Principle of Open Design 204(1)
Principle of Separation of Privilege 205(1)
Principle of Least Common Mechanism 206(1)
Principle of Psychological Acceptability 206(1)
Summary 207(1)
Further Reading 208(1)
Exercises 208(3)
Representing Identity 211(26)
What Is Identity? 211(1)
Files and Objects 212(1)
Users 213(1)
Groups and Roles 214(1)
Naming and Certificates 215(6)
The Meaning of the Identity 218(2)
Trust 220(1)
Identity on the Web 221(12)
Host Identity 221(1)
Static and Dynamic Identifiers 222(2)
Security Issues with the Domain Name Service 224(1)
State and Cookies 225(1)
Anonymity on the Web 226(4)
Anonymity for Better or Worse 230(3)
Summary 233(1)
Further Reading 233(1)
Exercises 234(3)
Access Control Mechanisms 237(24)
Access Control Lists 237(9)
Abbreviations of Access Control Lists 238(2)
Creation and Maintenance of Access Control Lists 240(1)
Which Subjects Can Modify an Object's ACL? 241(1)
Do the ACLs Apply to a Privileged User? 241(1)
Does the ACL Support Groups and Wildcards? 242(1)
Conflicts 242(1)
ACLs and Default Permissions 243(1)
Revocation of Rights 243(1)
Example: Windows NT Access Control Lists 244(2)
Capabilities 246(6)
Implementation of Capabilities 247(1)
Copying and Amplifying Capabilities 248(1)
Revocation of Rights 249(1)
Limits of Capabilities 250(1)
Comparison with Access Control Lists 251(1)
Locks and Keys 252(3)
Type Checking 253(2)
Ring-Based Access Control 255(2)
Propagated Access Control Lists 257(1)
Summary 258(1)
Further Reading 258(1)
Exercises 259(2)
Information Flow 261(26)
Basics and Background 261(2)
Information Flow Models and Mechanisms 263(1)
Compiler-Based Mechanisms 263(14)
Declarations 264(2)
Program Statements 266(1)
Assignment Statements 266(1)
Compound Statements 267(1)
Conditional Statements 267(1)
Iterative Statements 268(1)
Goto Statements 269(3)
Procedure Calls 272(1)
Exceptions and Infinite Loops 272(2)
Concurrency 274(2)
Soundness 276(1)
Execution-Based Mechanisms 277(4)
Fenton's Data Mark Machine 278(2)
Variable Classes 280(1)
Example Information Flow Controls 281(3)
Security Pipeline Interface 282(1)
Secure Network Server Mail Guard 282(2)
Summary 284(1)
Further Reading 284(1)
Exercises 285(2)
Confinement Problem 287(22)
The Confinement Problem 287(3)
Isolation 290(4)
Virtual Machines 290(2)
Sandboxes 292(2)
Covert Channels 294(12)
Detection of Covert Channels 296(7)
Mitigation of Covert Channels 303(3)
Summary 306(1)
Further Reading 306(1)
Exercises 307(2)
Introduction to Assurance 309(22)
Assurance and Trust 309(7)
The Need for Assurance 311(2)
The Role of Requirements in Assurance 313(1)
Assurance Throughout the Life Cycle 314(2)
Building Secure and Trusted Systems 316(8)
Life Cycle 316(1)
Conception 317(1)
Manufacture 318(1)
Deployment 319(1)
Fielded Product Life 320(1)
The Waterfall Life Cycle Model 320(1)
Requirements Definition and Analysis 320(1)
System and Software Design 321(1)
Implementation and Unit Testing 321(1)
Integration and System Testing 322(1)
Operation and Maintenance 322(1)
Discussion 322(1)
Other Models of Software Development 323(1)
Exploratory Programming 323(1)
Prototyping 323(1)
Formal Transformation 323(1)
System Assembly from Reusable Components 324(1)
Extreme Programming 324(1)
Building Security In or Adding Security Later 324(4)
Summary 328(1)
Further Reading 328(1)
Exercises 329(2)
Evaluating Systems 331(32)
Goals of Formal Evaluation 331(3)
Deciding to Evaluate 332(1)
Historical Perspective of Evaluation Methodologies 333(1)
TCSEC: 1983--1999 334(7)
TCSEC Requirements 335(1)
TCSEC Functional Requirements 335(1)
TCSEC Assurance Requirements 336(1)
The TCSEC Evaluation Classes 337(1)
The TCSEC Evaluation Process 338(1)
Impacts 338(1)
Scope Limitations 339(1)
Process Limitations 339(1)
Contributions 340(1)
FIPS 140: 1994--Present 341(2)
FIPS 140 Requirements 341(1)
FIPS 140-2 Security Levels 342(1)
Impact 342(1)
The Common Criteria: 1998--Present 343(13)
Overview of the Methodology 344(4)
CC Requirements 348(1)
CC Security Functional Requirements 349(2)
Assurance Requirements 351(1)
Evaluation Assurance Levels 351(2)
Evaluation Process 353(1)
Impacts 354(1)
Future of the Common Criteria 354(1)
Interpretations 355(1)
Assurance Class AMA and Family ALC_FLR 355(1)
Products Versus Systems 355(1)
Protection Profiles and Security Targets 355(1)
Assurance Class AVA 356(1)
EAL5 356(1)
SSE-CMM: 1997--Present 356(3)
The SSE-CMM Model 357(1)
Using the SSE-CMM 358(1)
Summary 359(1)
Further Reading 360(1)
Exercises 361(2)
Malicious Logic 363(26)
Introduction 363(1)
Trojan Horses 364(1)
Computer Viruses 365(8)
Boot Sector Infectors 367(1)
Executable Infectors 368(1)
Multipartite Viruses 369(1)
TSR Viruses 370(1)
Stealth Viruses 370(1)
Encrypted Viruses 370(1)
Polymorphic Viruses 371(1)
Macro Viruses 372(1)
Computer Worms 373(1)
Other Forms of Malicious Logic 374(2)
Rabbits and Bacteria 374(1)
Logic Bombs 375(1)
Defenses 376(9)
Malicious Logic Acting as Both Data and Instructions 376(1)
Malicious Logic Assuming the Identity of a User 377(1)
Information Flow Metrics 377(1)
Reducing the Rights 378(3)
Sandboxing 381(1)
Malicious Logic Crossing Protection Domain Boundaries by Sharing 381(1)
Malicious Logic Altering Files 382(1)
Malicious Logic Performing Actions Beyond Specification 383(1)
Proof-Carrying Code 384(1)
Malicious Logic Altering Statistical Characteristics 384(1)
The Notion of Trust 385(1)
Summary 385(1)
Further Reading 386(1)
Exercises 386(3)
Vulnerability Analysis 389(34)
Introduction 389(2)
Penetration Studies 391(13)
Goals 391(1)
Layering of Tests 392(1)
Methodology at Each Layer 393(1)
Flaw Hypothesis Methodology 393(1)
Information Gathering and Flaw Hypothesis 394(1)
Flaw Testing 395(1)
Flaw Generalization 395(1)
Flaw Elimination 396(1)
Example: Penetration of the Michigan Terminal System 396(2)
Example: Compromise of a Burroughs System 398(1)
Example: Penetration of a Corporate Computer System 399(1)
Example: Penetrating a UNIX System 400(2)
Example: Penetrating a Windows NT System 402(1)
Debate 403(1)
Conclusion 404(1)
Vulnerability Classification 404(2)
Two Security Flaws 405(1)
Frameworks 406(14)
The RISOS Study 406(2)
The Flaw Classes 408(1)
Legacy 409(1)
Protection Analysis Model 409(1)
The Flaw Classes 410(2)
Legacy 412(1)
The NRL Taxonomy 412(1)
The Flaw Classes 412(2)
Legacy 414(1)
Aslam's Model 414(1)
The Flaw Classes 415(1)
Legacy 415(1)
Comparison and Analysis 415(1)
The xterm Log File Flaw 416(2)
The fingerd Buffer Overflow Flaw 418(1)
Summary 419(1)
Further Reading 420(1)
Exercises 421(2)
Auditing 423(32)
Definitions 423(1)
Anatomy of an Auditing System 424(4)
Logger 424(2)
Analyzer 426(1)
Notifier 427(1)
Designing an Auditing System 428(6)
Implementation Considerations 429(1)
Syntactic Issues 429(2)
Log Sanitization 431(2)
Application and System Logging 433(1)
A Posteriori Design 434(4)
Auditing to Detect Violations of a Known Policy 435(1)
State-Based Auditing 435(1)
Transition-Based Auditing 436(1)
Auditing to Detect Known Violations of a Policy 437(1)
Auditing Mechanisms 438(3)
Secure Systems 438(2)
Nonsecure Systems 440(1)
Examples: Auditing File Systems 441(7)
Audit Analysis of the NFS Version 2 Protocol 441(4)
The Logging and Auditing File System (LAFS) 445(2)
Comparison 447(1)
Audit Browsing 448(2)
Summary 450(1)
Further Reading 451(1)
Exercises 451(4)
Intrusion Detection 455(32)
Principles 455(1)
Basic Intrusion Detection 456(2)
Models 458(7)
Anomaly Modeling 459(2)
Misuse Modeling 461(2)
Specification Modeling 463(1)
Summary 464(1)
Architecture 465(6)
Agent 465(1)
Host-Based Information Gathering 466(1)
Network-Based Information Gathering 467(1)
Combining Sources 467(2)
Director 469(1)
Notifier 469(2)
Organization of Intrusion Detection Systems 471(5)
Monitoring Network Traffic for Intrusions: NSM 471(1)
Combining Host and Network Monitoring: DIDS 472(3)
Autonomous Agents: AAFID 475(1)
Intrusion Response 476(9)
Incident Prevention 476(1)
Intrusion Handling 477(1)
Containment Phase 478(1)
Eradication Phase 479(3)
Follow-Up Phase 482(3)
Exercises 485(2)
Network Security 487(30)
Introduction 487(1)
Policy Development 488(5)
Data Classes 489(1)
User Classes 490(2)
Availability 492(1)
Consistency Check 492(1)
Network Organization 493(14)
Firewalls and Proxies 494(2)
Analysis of the Network Infrastructure 496(1)
Outer Firewall Configuration 497(2)
Inner Firewall Configuration 499(1)
In the DMZ 500(1)
DMZ Mail Server 500(1)
DMZ WWW Server 501(2)
DMZ DNS Server 503(1)
DMZ Log Server 503(1)
Summary 504(1)
In the Internal Network 504(2)
General Comment on Assurance 506(1)
Availability and Network Flooding 507(3)
Intermediate Hosts 507(1)
TCP State and Memory Allocations 508(2)
Anticipating Attacks 510(2)
Summary 512(1)
Further Reading 512(1)
Exercises 513(4)
System Security 517(38)
Introduction 517(1)
Policy 518(5)
The Web Server System in the DMZ 518(1)
The Development System 519(3)
Comparison 522(1)
Conclusion 523(1)
Networks 523(6)
The Web Server System in the DMZ 524(2)
The Development System 526(2)
Comparison 528(1)
Users 529(5)
The Web Server System in the DMZ 529(2)
The Development System 531(3)
Comparison 534(1)
Authentication 534(3)
The Web Server System in the DMZ 535(1)
Development Network System 535(2)
Comparison 537(1)
Processes 537(6)
The Web Server System in the DMZ 537(4)
The Development System 541(1)
Comparison 542(1)
Files 543(6)
The Web Server System in the DMZ 543(2)
The Development System 545(2)
Comparison 547(2)
Retrospective 549(1)
The Web Server System in the DMZ 549(1)
The Development System 550(1)
Summary 550(1)
Further Reading 551(1)
Exercises 551(4)
User Security 555(24)
Policy 555(1)
Access 556(6)
Passwords 556(2)
The Login Procedure 558(2)
Trusted Hosts 560(1)
Leaving the System 560(2)
Files and Devices 562(8)
Files 562(1)
File Permissions on Creation 563(1)
Group Access 564(1)
File Deletion 565(2)
Devices 567(1)
Writable Devices 567(1)
Smart Terminals 567(2)
Monitors and Window Systems 569(1)
Processes 570(5)
Copying and Moving Files 570(1)
Accidentally Overwriting Files 571(1)
Encryption, Cryptographic Keys, and Passwords 571(2)
Start-up Settings 573(1)
Limiting Privileges 573(1)
Malicious Logic 574(1)
Electronic Communications 575(1)
Automated Electronic Mail Processing 575(1)
Failure to Check Certificates 575(1)
Sending Unexpected Content 576(1)
Summary 576(1)
Further Reading 577(1)
Exercises 577(2)
Program Security 579(54)
Introduction 579(1)
Requirements and Policy 580(3)
Requirements 580(1)
Threats 581(1)
Group 1: Unauthorized Users Accessing Role Accounts 581(1)
Group 2: Authorized Users Accessing Role Accounts 582(1)
Summary 583(1)
Design 583(7)
Framework 584(1)
User Interface 584(1)
High-Level Design 584(1)
Access to Roles and Commands 585(1)
Interface 586(1)
Internals 586(1)
Storage of the Access Control Data 587(3)
Refinement and Implementation 590(7)
First-Level Refinement 590(1)
Second-Level Refinement 591(3)
Functions 594(1)
Obtaining Location 594(1)
The Access Control Record 595(1)
Error Handling in the Reading and Matching Routines 596(1)
Summary 597(1)
Common Security-Related Programming Problems 597(26)
Improper Choice of Initial Protection Domain 598(1)
Process Privileges 598(2)
Access Control File Permissions 600(1)
Memory Protection 601(1)
Trust in the System 602(1)
Improper Isolation of Implementation Detail 603(1)
Resource Exhaustion and User Identifiers 603(1)
Validating the Access Control Entries 604(1)
Restricting the Protection Domain of the Role Process 604(1)
Improper Change 605(1)
Memory 605(3)
Changes in File Contents 608(1)
Race Conditions in File Accesses 608(1)
Improper Naming 609(2)
Improper Deallocation or Deletion 611(1)
Improper Validation 612(1)
Bounds Checking 612(1)
Type Checking 613(1)
Error Checking 614(1)
Checking for Valid, not Invalid, Data 614(1)
Checking Input 615(2)
Designing for Validation 617(1)
Improper Indivisibility 617(1)
Improper Sequencing 618(1)
Improper Choice of Operand or Operation 619(2)
Summary 621(2)
Testing, Maintenance, and Operation 623(4)
Testing 624(1)
Testing the Module 625(1)
Testing Composed Modules 626(1)
Testing the Program 627(1)
Distribution 627(2)
Conclusion 629(1)
Summary 629(1)
Further Reading 629(1)
Exercises 630(3)
Lattices 633(4)
Basics 633(2)
Lattices 635(1)
Exercises 635(2)
The Extended Euclidean Algorithm 637(6)
The Euclidean Algorithm 637(1)
The Extended Euclidean Algorithm 638(2)
Solving ax mod n = 1 640(1)
Solving ax mod n = b 640(1)
Exercises 641(2)
Virtual Machines 643(6)
Virtual Machine Structure 643(1)
Virtual Machine Monitor 644(4)
Privilege and Virtual Machines 645(1)
Physical Resources and Virtual Machines 646(1)
Paging and Virtual Machines 647(1)
Exercises 648(1)
Bibliography 649(64)
Index 713


Excerpts

Hortensio: Madam, before you touch the instrument
To learn the order of my fingering,
I must begin with rudiments of art
To teach you gamouth in a briefer sort,
More pleasant, pithy and effectual,
Than hath been taught by any of my trade;
And there it is in writing, fairly drawn.

The Taming of the Shrew, III, i, 62-68.

On September 11, 2001, terrorists seized control of four airplanes. Three were flown into buildings, and a fourth crashed, with catastrophic loss of life. In the aftermath, the security and reliability of many aspects of society drew renewed scrutiny. One of these aspects was the widespread use of computers and their interconnecting networks.

The issue is not new. In 1988, approximately 5,000 computers throughout the Internet were rendered unusable within 4 hours by a program called a worm. While the spread, and the effects, of this program alarmed computer scientists, most people were not worried because the worm did not affect their lives or their ability to do their jobs. In 1993, more users of computer systems were alerted to such dangers when a set of programs called sniffers were placed on many computers run by network service providers and recorded login names and passwords. After an attack on Tsutomu Shimomura's computer system, and the fascinating way Shimomura followed the attacker's trail, which led to his arrest, the public's interest and apprehension were finally aroused. Computers were now vulnerable. Their once reassuring protections were now viewed as flimsy. Several films explored these concerns. Movies such as War Games and Hackers provided images of people who can, at will, wander throughout computers and networks, maliciously or frivolously corrupting or destroying information it may have taken millions of dollars to amass. (Reality intruded on Hackers when the World Wide Web page set up by MGM/United Artists was quickly altered to present an irreverent commentary on the movie and to suggest that viewers see The Net instead. Paramount Pictures denied doing this.) Another film, Sneakers, presented a picture of those who test the security of computer (and other) systems for their owners and for the government.

Goals

This book has three goals. The first is to show the importance of theory to practice and of practice to theory. All too often, practitioners regard theory as irrelevant and theoreticians think of practice as trivial. In reality, theory and practice are symbiotic. For example, the theory of covert channels, in which the goal is to limit the ability of processes to communicate through shared resources, provides a mechanism for evaluating the effectiveness of mechanisms that confine processes, such as sandboxes and firewalls. Similarly, business practices in the commercial world led to the development of several security policy models such as the Clark-Wilson model and the Chinese Wall model. These models in turn help the designers of security policies better understand and evaluate the mechanisms and procedures needed to secure their sites.

The second goal is to emphasize that computer security and cryptography are different. Although cryptography is an essential component of computer security, it is by no means the only component. Cryptography provides a mechanism for performing specific functions, such as preventing unauthorized people from reading and altering messages on a network. However, unless developers understand the context in which they are using cryptography, and unless the assumptions underlying the protocol and the cryptographic mechanisms apply to the context, the cryptography may not add to the security of the system. The canonical example is the use of cryptography to secure communications between two low-security systems. If only trusted users can access the two systems, cryptography protects messages in transit. But if untrusted users can access either system
